b"FEDERAL TRADE COMMISSION\n  OFFICE OF INSPECTOR GENERAL\n\n\n\n\nSEMIANNUAL REPORT TO CONGRESS\n\n   Aprill, 2008 - September 30, 2008\n\n\n\n              Report No. 40\n\x0c                                            UNiTED STATES OF AMERICA\n                                     FEDERAL TRADE COMMISSION\n                                              WASHINGTON, D.C 20580\n\n\n\n\nOffice of Inspector General\n                                                    October 30, 2008\n\n\n\n      The Honorable William E. Kovacic\n      Chairman\n      Federal Trade Commission\n      600 Pennsylvania Avenue, N.W.\n      Washington, D.C. 20580\n\n      Dear Chairman Kovacic:\n\n              I am pleased to present the attached report that covers the Office ofInspector General's\n      (OIG) activities for the second half of fiscal year 2008 and is submitted according to Section 5 of\n      the Inspector General Act of 1978, as amended.\n\n             During the six-month reporting period ending September 30, 2008, the OIG issued an\n      audit of the FTC administration of leave, and a follow-up report on Audit ofFTC Redress\n      Administration Performed by Analytics, Inc. (AR-06-071). The OIG completed a review of the\n      FTC's Implementation of the Federal Information Security Management Act for FY 2008 and\n      issued Management Challenges for inclusion in the FTC's FY 2008 Performance and\n      Accountability Report.\n\n            The OIG processed 40 consumer inquiries and complaints/allegations of possible\n      wrongdoing during the reporting period. We opened three new investigations of possible\n      misconduct and closed four investigations.\n\n              As in the past, management has been responsive in working with the OIG to implement\n      all proposed recommendations. I appreciate management's support and I look forward to\n      working with you in our ongoing efforts to promote economy and efficiency in agency\n      programs.\n\n                                                   Sincerely,\n\n\n                                           ~M,4..,~\n                                                   John M. Seeba\n                                                   Inspector General\n\x0c                                        INTRODUCTION\n\n        The Federal Trade Commission (FTC) seeks to ensure that the nation's markets are\ncompetitive, efficient and free from undue restrictions. The FTC also seeks to improve the operation\nof the marketplace by ending unfair and deceptive practices 'With emphasis on those practices that\nmight unreasonably restrict or inhibit the free exercise of informed choice by consumers. The FTC\nrelies on economic analysis to support its law enforcement efforts and to contribute to the economic\npolicy deliberations of Congress, the Executive Branch and the public.\n\n                                      AUDIT ACTIVITIES\n\n        During the six month reporting period ending September 30, 2008, the OIG completed\nthe following activities:\n\n        \xe2\x80\xa2      AR 08-002 - Review ofthe FTC Administration ofLeave\n\n        \xe2\x80\xa2      AR 08-003 - Follow-up Report on Audit ofFTC Redress Administration\n               Performed by Analytics, Inc. (AR-06-07 I)\n\n        \xe2\x80\xa2      AR 08-004 - Review ofFederal Trade Commission Implementation ofthe Federal\n               Information Security Management Actfor FY 2008\n\n\n                          Summary Information on Completed Audits\n\nAR 08-002 - Review ofthe FTC Administration ofLeave\n\n       The objective of this audit was to determine 'Whether the FTC properly administers leave in\naccordance 'With Office of Personnel Management and internal policies and procedures.\n\n        As a benefit to employees, the Federal government provides employees several types of\nleave, many of which are earned because of employment longevity 'With an agency. The traditional\ntypes of leave earned because of employment with the Federal government are annual and sick\nleave. Other types of leave that can be banked or allowed by statute include court leave, military\nleave, religious comp time, and Leave Without Pay (LWOP).\n\n        We found that overall, the Federal Trade Commission followed the policies and procedures\npromulgated by OPM for leave management. However, our audit found minor discrepancies in the\nleave database that were caused by manual input corrections, but these discrepancies did not affect\nthe outcome ofthis audit. We also found that not all timekeepers interviewed record compensatory\novertime work for religious observances in the Federal Personnel and Payroll System (FPPS).\nInstead, manual records were kept in the local office to control the earning and use ofcompensatory\novertime work for religious observances. In addition, we found that the policy on the charging of\nmilitary leave needed to be updated because of changes by OPM.\n\n\n\n\n                                               -1-\n\x0c          We recommended that the Director, Human Resources Management Office stress to\n  timekeepers the need to record all time in the FPPS, including the earning and use of compensatory\n  overtime work for religious observances; assess the need for training for all new timekeepers; and\n  revise the policy on charging military leave to reflect updated OPM regulations. Management\n  agreed with our recommendations and has initiated corrective actions.\n\n AR 08-003 - Follow-up Report on Audit ofFTC Redress Administration Performed by Analytics,\n Inc.\n\n        Our objective was to determine the status of recommendations made to Redress\n Administration Office's (RAO) in the Audit of FTC Redress Administration Performed by\n Analytics, Inc. (AR-06-071). The purpose of that audit was to evaluate financial controls in place\n at Analytics over the redress process and also to assess the RAO oversight of\n contractor-administered redress. The audit found many effective management controls in place at\n RAO. The report made eight recommendations to improve RAO's oversight of redress payments.\n\n         In this follow-up, we found that the RAO has taken actions which addressed the intent of all\n eight recommendations from the original report and we consider all issues closed.\n\n AR 08-004 - Review ofFederal Trade Commission Implementation ofthe Federal\n Information Security management Actfor FY 2008\n\n         The objectives were to evaluate the adequacy ofthe FTC's information security program and\n its procedures for identifying and protecting Personally Identifiable Information (PI!) and other\n Privacy Act concerns. This information is provided to senior management and others to enable them\n to determine the effectiveness of overall security programs, to ensure the confidentiality and\n integrity of data entrusted to the FTC, and to develop strategies/best practices for cost effectively\n improving information security.\n\n         A critical component ofthe FISMA information assurance program monitoring requirements\n is an independent assessment of program effectiveness by the Inspector General (IG) of the\n respective federal agency. This assessment is intended to identify weaknesses in agency programs,\n provide recommendations for corrective actions, and monitor agency success in maintaining the\n security of agency information assets (hardware, software, data, and system availability). In its FY\n 2008 FISMA reporting guidance, Office of Management and Budget expanded the scope of the\n annual FISMA assessment to include evaluation of agency policies and procedures for collecting,\n storing and protecting privacy information.\n\n        This year's OIG review found that the FTC security environment is strong and robust and\ncontinues to evolve to expand its coverage and to address changing threats and requirements. FTC\nmanagement recognizes that continued vigilance, and resource investment is required to continue to\nprotect the data entrusted to its care and secure the availability and integrity of the information\ntechnology (IT) systems that are critical to the agency's ability to successfully complete its antitrust\nand consumer protection missions.\n\n\n\n\n                                                  -2-\n\x0c        The FTC Information and Teehnology Management Offiee (ITMO) has implemented or\naddressed most of the OIG-identified seeurity vulnerabilities discussed in the prior year evaluation.\nITMO took aetions that addressed 15 of 19 reeommendations at FTC Headquarters and 6 of the 8\nrecommendations at the San Francisco Regional Office. Our analysis of the current FTC\nsecurity/privacy control environment identified 12 findings at Headquarters (6 with an estimated\nLOW severity and 6 MEDIUM). Generally, the recommendations addressed two areas: FTC's efforts\nto continue revising and updating security policies, and procedures and guidelines and the continued\nrefinement of FTC's system inventory. The major effort for ITM next year will be its focus on\nestablishing a contractor owned and operated network.\n\n\n                                          Planned Audits\n\n        The OIG plans the following activities during the first half of FY 2009:\n\n        \xe2\x80\xa2      AR 09-001- Audit ofthe FTC's Financial Statements for Fiscal Year 2008\n\n        \xe2\x80\xa2      AR-09-XXX- Audit ofFTC's Compliance with Domestic and International Travel\n               Regulations\n\nAR 09-001- Audit ofthe FTC's Financial Statements for Fiscal Year 2008\n\n        This audit is required annually under the Accountability of Tax Dollars Act of 2002. The\npurpose of the audit is to express an opinion on the financial statements of the Federal Trade\nCommission for the fiscal year ending September 30, 2008. The audit will also test the internal\ncontrols associated with the FTC's financial system and assess compliance with seleeted laws and\nregulations. The audited financial statements are required to be included in the financial section of\nthe agency's Performance and Accountability Report to be issued on or before November 17,2008.\n\n       The size and tight deadlines needed for this audit require that the OIG hire an independent\npublic aecountant to perform this work. The OIG will act as the Contracting Officer's Technical\nRepresentative (COTR) and provide oversight on the contract.\n\nAR-09-XXX- Audit ofFTC's Compliance with Domestic and International Travel Regulations\n\n        The objective of this audit will be to determine compliance with applicable travel\nregulations. We will determine ifthe FTC Travel program is in compliance with GSA Federal Travel\nregulations and internal agency travel policies. We will also test the accuracy and integrity of the\naccounting data related to FTC travel.\n\n        We will review the administration ofthe FTC travel program including but not limited to the\nfollowing: I) Administration of the Travel Card program; 2) Review the new automated travel\nsystem; 3) Review voucher accuracy; 4) Premium Class travel; and 5) Accounting data.\n\n        A new electronic travel system was introduced to FTC employees in August 2006. This audit\nwill cover the dates August 2006 through March 2008 and may be expanded according to initial\nfindings.\n\n                                                -3-\n\x0c                                      Other Potential Reviews\n\n       During the year we will also conduct research on the following FTC operations to determine\nany areas for audit:\n\n        \xe2\x80\xa2        Review ofselected contracts\n\n        \xe2\x80\xa2       Inventory controls over accountable property\n\n\n                                    INVESTIGATIVE ACTIVITIES\n\n         The Inspector General is authorized by the IG Act to receive and investigate allegations of\nemployee misconduct as well as fraud, waste and abuse occurring within FTC programs and\noperations. Matters of possible wrongdoing are referred to the OIG in the form of allegations or\ncomplaints from a variety of sources, including FTC employees, other government agencies and the\ngeneral public. Reported incidents ofpossible fraud, waste and abuse can give rise to administrative,\ncivil or criminal investigations.\n\n        In conducting criminal investigations during the past several years, the OIG has sought\nassistance from, and worked jointly with other law enforcement agencies, including other OIGs, the\nFederal Bureau ofInvestigation, the U.S. Postal Inspection Service, the U.S. Secret Service, the U.S.\nMarshals Service, the Internal Revenue Service, U.S. Capitol Police, Federal Protective Service as\nwell as state agencies and local police departments.\n\n                                      Investigative Summary\n\n        During this reporting period, the OIG received 40 consumer and other inquiries and reports\nof possible wrongdoing, Of the 40 complaints, 23 involved issues that fall under the jurisdiction of\nFTC program components (identity theft, credit repair, Do Not Call violations, etc.). These matters\nwere referred to the appropriate FTC component for disposition. Of the remaining complaints, the\nOIG opened three new investigations and 10 complaints were closed with no further OIG action. We\nreferred three complaints to another federal agency with appropriate jurisdiction to assist the\nindividual and the remaining complaint is ongoing at the close of this reporting period (i.e., the OIG\nis currently conducting a preliminary inquiry into the matter).\n\n       In one of the foregoing matters referred to the OIG during the current reporting period, we\nprovided investigative resources and support to the Department of Treasury OIG in connection with\nan ongoing investigation of an employee of that agency.\n\n\n\n\n                                                 -4-\n\x0c      Following is a summary of the OIG's investigative activities for the six-month period ending\n September 30, 2008:\n\n\n\n                             PLUS: New cases                     3\n\n\n                           Cases pending as of 9/30/08           5\n\n                                       Investigations Closed\n\n        During this reporting period, the OIG closed four investigations. The first investigation,\nopened during a prior reporting period, involved an allegation that a GS- I5 FTC employee was\nmisusing his Government computer by viewing pornographic images, some of which may have\ninvol ved minors. Because the alleged misconduct could implicate federal criminal statute, the\nagency's Human Resources Management Office referred the allegation to the OIG. Evidence\nobtained by the OIG indicated that the employee affirmatively searched for pornographic internet\nwebsites, to include child pornography and/or child erotica, from his FTC office while using his FTC-\nissued computer. The websites visited by the employee included sites containing child pornography\nimages. The OIG obtained a forensic image of the employee's computer hard drive and forensic\nanalysis revealed that some ofthe pornographic images that were recovered from the hard drive were\nidentified as child pornography and/or child erotica. The employee's alleged misuse of his\nGovernment computer dated back to 2002. Our investigation revealed that the agency's Information\nTechnology Management Office had notified the employee's supervisor about the employee's alleged\ncomputer misuse on multiple occasions, dating back to 2005.\n\n        The OIG sought to interview the employee, however, through counsel, he exercised his Fifth\nAmendment right against self-incrimination and refused to submit to questioning. The OIG presented\nthe investigative findings to the Department of Justice (Unites States Attorney for the District of\nColumbia). The prosecutor reviewed the evidence and identified images that contained known\nvictims ofchild pornography and/or exploitation. Although the victims were affirmatively identified,\nthe number of images containing known victims of child pornography and/or exploitation failed to\nmeet the prosecutorial threshold, therefore, DOJ declined criminal prosecution. With this\ndeclination, the OIG renewed its attempt to interview the employee. His counsel failed to produce\nthe subject for the required interview.\n\n       The OIG transmitted an investigative referral describing administrative violations to the\nattorney's organizational head, with ultimate supervisory responsibility over both the attorney and\nthe supervisor who had previously been informed of the alleged computer misuse. The OIG was\ninformed that the employee retired shortly after transmittal of the OIG investigative referral.\n\n\n\n\n                                                -5-\n\x0c         The orG closed an investigation opened during the prior reporting period involving alleged\nmisuse ofa Goverrnnent computer and operating a business outside ofhis FTC employment that may\nconflict with his official position. The orG received an allegation that an agency employee was\ncontacting outside attorneys who represented clients in FTC premerger filings in an attempt to sell\nsoftware marketed by his private business. The employee, through his private business, marketed\nthe software to outside counsel as an aid in their preparation of pre-merger notifications required\nunder the Hart-Scott-Rodino Act of 1976 (HSR). Although the employee had obtained agency\napproval for his outside business, our investigation revealed that he was using information obtained\nfrom sources available to him because of his FTC employment. This contradicted his prior\ncertification to the agency ethics staff that he would not use FTC resources, his official position or\nany information obtained as a result of his official position to further his private business interests.\nOur investigation also revealed that the employee installed software on his FTC-issued computer\nwithout agency approval and in violation of agency policy. The orG referred its investigative\nfindings to management for further action.\n\n        Another closed investigation involved an allegation that an FTC attorney diclosed nonpublic\ninformation without Commission authorization. We received the allegation from counsel\nrepresenting a respondent (a publicly traded company) in an FTC enforcement matter. Counsel\nalleged that an agency source was leaking information to individuals in the securities investment\nindustry (e.g., industry analysts and portfolio manager) regarding the FTC's investigative and\nenforcement activity relating to a particular company and industry. Our investigation uncovered no\nevidence indicating either (1) that an unauthorized disclosure had occurred, as alleged, or (2) the\nsource of any unauthorized disclosure, assuming that the disclosure had occurred. We closed the\nmatter with no referral of our investigative findings.\n\n         The final investigation closed during the reporting period involved an allegation received\nfrom an agency supervisor regarding possible misuse of FTC resources. The supervisor suspected\nthat a member of his staff was using Goverrnnent resources in connection with the operation of the\nemployee's private home-based business. During an OIG investigative interview, the employee\nadmitted to using the FTC email account for the private business and having at least one piece of\ncorrespondence (a check) sent to the employee's FTC work address. Although the employee had\npreviously obtained FTC ethics staff approval for the private business, the foregoing actions violated\nthe terms under which agency approval was granted. The approval was contingent upon the\nemployee's certification that FTC resources would not be used in connection with the private\nbusiness. The OIG referred its investigative findings to the employee's supervisor, who had made\nthe initial allegation, for further action. Management action respecting the referral is pending.\n\n                             Matters Referred for Prosecution\n\n        During this reporting period the orG did not refer any new matters to the Department of\nJustice (DOJ) for consideration of potential criminal action. The closed investigative matter,\ndescribed in the preceeding section, was presented to DOJ during a prior reporting period.\n\n        Another matter, referred to DOJ during a prior reporting period remains pending at DOJ, with\nno final action to date.\n\n\n\n                                                 -6-\n\x0c                                   OTHER ACTIVITIES\n\n        During this reporting period, our OIG has sought the technical expertise of the United States\nPostal Service OIG in conducting an ongoing criminal investigation.\n\n       Our Counsel participates regularly in the monthly meeting of the Council of Counsel to the\nInspectors General, as well as contributes to the legal discourse within that Council on matters that\nare germane to the entire IG community.\n\n                                  Management Advisories\n\n        The OIG issued no new Management Advisories during this reporting period.\n\n                            Significant Management Decisions\n\n        Section 5(a)(l2) of the Inspector General Act requires that if the IG disagrees with any\nsignificant management decision, such disagreement must be reported in the semiannual report.\nFurther, Section 5(a)(II) ofthe Act requires that any decision by management to change its response\nto a significant resolved audit finding must also be disclosed in the semiannual report. For this\nreporting period there were no significant final management decisions made with which the OIG\ndisagreed and management did not revise any earlier decisions on OIG audit recommendations.\n\n                                   Access to Information\n\n        The IG is to be provided with ready access to all agency records, information, or assistance\nwhen conducting an investigation or audit. Section 6(b)(2) of the IG Act requires the IG to report\nto the agency head, without delay, if the IG believes that access to required information, records or\nassistance has been unreasonably refused, or otherwise has not been provided. A summary of each\nreport submitted to the agency head in compliance with Section 6(b)(2) must be provided in the\nsemiarmual report in accordance with Section 5(a)(5) of the Act.\n\n        During this reporting period, the OIG did not encounter any problems in obtaining assistance\nor access to agency records. Consequently, no report was issued by the IG to the agency head in\naccordance with Section 6(b)(2) of the IG Act.\n\n                                     Audit Resolution\n\n        As of the end of this reporting period, all OIG audit recommendations for reports issued in\nprior periods have been resolved. That is, management and the OIG have reached agreement on what\nactions need to be taken.\n\n\n\n\n                                                -7-\n\x0c                                       Review of Legislation\n\n         Section 4(a)(2) of the IG Act authorizes the IG to review and comment on proposed\nlegislation or regulations relating to the agency or, upon request, affecting the operations of the orG.\nDuring this reporting period, the OfG reviewed no legislation.\n\n                           Contacting the Office of Inspector General\n\n       Employees and the public are encouraged to contact the orG regarding any incidents of\npossible fraud, waste, or abuse occurring within FTC programs and operations. The OfG telephone\nnumber is (202) 326-2800. A confidential or anonymous message can be left 24 hours a day.\nComplaints or allegations offraud, waste or abuse can also be emailed directly to orG@ftc.gov. OIG\nmail should be addressed to:\n\n                                      Federal Trade Commission\n                                      Office oflnspector General\n                                      Room NJ-IIIO\n                                      600 Pennsylvania Avenue, NW\n                                      Washington, D.C. 20580\n\n        OfG reports can be accessed via the internet at: www.ftc.gov/oig. A visitor to the OtG home\npage can download recent (1996-2008) OtG semiannual reports to Congress, the FY 1998 - 2008\nfinancial statement audits, and other program and performance audits issued beginning in FY 1999.\nA list of audit reports issued prior to FY 1999 can also be ordered via an e-mail link to the OIG. In\naddition to this information resource about the orG, visitors are also provided a link to other federal\norganizations and Offices of Inspector General.\n\n\n\n\n                                                 -8-\n\x0c                                TABLE I\n                     SUMMARY OF INSPECTOR GENERAL\n                        REPORTING REQUIREMENTS\n\n\nIG Act Reference Reporting Requirement                                        Page(s)\n\nSection 4(a)(2)    Review of legislation and regulations                       8\n\nSection 5(a)(I)    Significant problems, abuses and deficiencies                1-3\n\nSection 5(a)(2)    Recommendations with respect to significant\n                   problems, abuses and deficiencies                            1-3\n\nSection 5(a)(3)    Prior significant recommendations on which\n                   corrective actions have not been made                       8\n\nSection 5(a)(4)    Matters referred to prosecutive authorities                 7\n\nSection 5(a)(5)    Summary of instances where information was refused          8\n\nSection 5(a)(6)    List of audit reports by subject matter, showing dollar\n                   value of questioned costs and funds put to better use       10-11\n\nSection 5(a)(7)    Summary of each particularly significant report             1-3\n\nSection 5(a)(8)    Statistical tables showing number of reports and\n                   dollar value of questioned costs                            10\n\nSection 5(a)(9)    Statistical tables showing number of reports and dollar\n                   value of recommendations that funds be put to better use    11\n\nSection 5(a)(10)   Summary of each audit issued before this reporting\n                   period for which no management decision was made\n                   by the end of the reporting period                          8\n\nSection 5(a)(11)   Significant revised management decisions                    7\n\nSection 5(a)(12)   Significant management decisions with which\n                   the Inspector General disagrees                             7\n\n\n\n\n                                        -9-\n\x0c                                TABLE II\n                    INSPECTOR GENERAL ISSUED REPORTS\n                         WITH QUESTIONED COSTS\n\n\n\n                                                                     Dollar Value\n\n                                                    Number   Questioned Unsupported\n                                                               Cost        Costs\n\nA.   For wbich no management decision\n     has been made by the commencement\n     of the reporting period                          0          0              0\n\nB.   Which were issued during the\n     reporting period                                 0          0              0\n\n     Subtotals (A + B)                                0          0              0\n\nC.   For which a management decision\n     was made during the reporting period             0          0              0\n\n     (i) dollar value of disallowed costs             0         0               0\n\n     (ii) dollar value of cost not disallowed         0         0               0\n\nD.   For which no management decision\n     was made by the end of the reporting\n     period                                           0         0               0\n\n     Reports for which no management\n     decision was made within six months\n     of issuance                                      0         0               0\n\n\n\n\n                                            - 10-\n\x0c                                     TABLE III\n\n              INSPECTOR GENERAL ISSUED REPORTS\n     WITH RECOMMENDAnONS THAT FUNDS BE PUT TO BETTER USE\n\n\n\n                                                                  Dollar Value\n\n                                                 Number   Ouestioned    Unsupported\n                                                            Costs          Costs\nA. For which no management decision has\n     been made by the commencement of the\n     reporting period                              0          0              0\n\nB. Which were issued during this period            0          0              0\n\nC.   For which a management decision was\n     made during the reporting period              0          0              0\n\n     (i) dollar value of recommendations\n     that were agreed to by management             0          0              0\n\n     - based on proposed management action         0          0              0\n\n     - based on proposed legislative action        0          0              0\n\n     (ii) dollar value of recommendations that\n   were not agreed to by management                0          0              0\nD. For which no management decision has\n   been made by the end of the reporting\n   period                                          0          0              0\n\n     Reports for which no management decision\n     was made within six months of issuance        0          0              0\n\n\n\n\n                                        - 11 -\n\x0c"